70
Views
8
CrossRef citations to date
0
Altmetric
Articles

An adaptive attack on 2-SIDH

ORCID Icon, ORCID Icon, , & ORCID Icon
Pages 282-299 | Received 04 Jun 2020, Accepted 01 Sep 2020, Published online: 24 Sep 2020
 

Abstract

We present a polynomial-time adaptive attack on the 2-SIDH protocol. The 2-SIDH protocol is a special instance of the countermeasure proposed by Azarderakhsh, Jao and Leonardi to perform isogeny-based key exchange with static keys in the presence of an adaptive attack. This countermeasure has also been recently explicitly proposed by Kayacan. Our attack extends the adaptive attack by Galbraith, Petit, Shani and Ti (GPST) to recover a static secret key using malformed points. The extension of GPST is non-trivial and requires learning additional information. In particular, the attack needs to recover intermediate elliptic curves in the isogeny path, and points on them. We also discuss how to extend the attack to k-SIDH when k>2 and explain that the attack complexity is exponential in k.

View correction statement:
Correction

Disclosure statement

No potential conflict of interest was reported by the author(s).

Additional information

Funding

This work was supported by Royal Society of New Zealand Marsden project [16-UOA-144], NSERC Michael Smith Foreign Study Supplement [533577-2018] and Ministry of Business, Innovation & Employment Catalyst project [UOAX1933].

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.